I have been trying to resolve this problem for a couple weeks and tried hundreds of
iterations without success. I will try to be brief and concise.
(1) I have a CentOS 6.4 openldap-2.4.35 server configured for ssh authentication with
a test account "localjoe".
dn:uid=localjoe,ou=internal,dc=example,dc=com
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetOrgPerson
objectClass:posixAccount
cn:CN=localjoe,ou=internal,dc=example,dc=com
sn:localjoe
userPassword:{MD5}KRVE5i0tSdtSdBLzZ6h3VnR4dk4
description:posix acct
ou:internal
uid:localjoe
uidNumber:103418
gidNumber:100
loginShell:/bin/bash
homeDirectory:/tmp
(2) I have an Ubuntu ldap client system (zander) and can ssh localjoe@zander
successfully.
(3) I have a CentOS 6.4 sssd ldap client system (argot) and cannot ssh localjoe@argot.
(4) The client (argot) /var/log/secure reports:
------------------------------------------------------------
Aug 21 07:56:39 argot sshd[9640]: pam_succeed_if(sshd:auth): error retrieving information about user localjoe
Aug 21 07:56:41 argot sshd[9640]: Failed password for invalid user localjoe from XX.XX.XX.XX port 50380 ssh2
Aug 21 07:56:44 argot sshd[9641]: Connection closed by XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9688]: Invalid user localjoe from XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9689]: input_userauth_request: invalid user localjoe
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=argot
(5) The client (argot) sssd log file reports:
-------------------------------------------------------
(Wed Aug 21 08:27:45 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(6) "getent passwd" works with nslcd daemon running but "getent --s sss passwd" does
not work.
(7) ldapsearch (as per example from this mail list) works ok:
--------------------------------------------------------------------------------
[root@argot security]# ldapsearch -x -LLL '(&(uid=localjoe)(objectClass=posixAccount))' uidnumber homedirectory gidnumber loginshell
dn: uid=localjoe,ou=internal,dc=example,dc=com
uidNumber: 103418
gidNumber: 100
loginShell: /bin/bash
homeDirectory: /tmp
I wonder if anyone has heard of similar problems with CentOS 6.4 sssd ldap client and
might have a suggestion.
thanks,
John.